recon-ng – Good tool for Information Gathering

Recon-ng is a tool written in Python that is mostly used for information gathering through its independent modules, its API key list and its supporting modules. The tool comes preloaded with many modules that use online search engines, plugins and APIs, which help in gathering information about the target.

Ethical hacking researchers of iicybersecurity say that this tool comes in handy in penetration testing and information gathering. Hardcore pentesters spend a lot of time on this tool to gather information.

After executing the above query, it returns the list of host names, or we can say subdomains, of testsite.com together with their IP addresses. This output can be used in the initial phases of information gathering.

As you can see above, SOURCE is set to http://testsite.com/. If SOURCE is not set to anything, you can set it by typing set SOURCE http://testsite.com. Once SOURCE is set, you have to run the module, which you do by typing the run command as shown below:

After executing the XSSposed query, it shows 4 vulnerabilities that can be used in cross-site scripting attacks. In cross-site scripting, an attacker tries to inject client-side scripts into web pages, which can then be exploited further in other ways.

Ethical hacking researchers of iicybersecurity comment that this tool is a single-point tool for gathering information about the target, and that hardcore pentesters spend a lot of time on this tool to gather information.

In the above output, the Shodan API module has run the query hostname:target to list all the IP addresses of the target hostname and their open ports. Shodan is mainly popular for showing the open ports of websites and their IP addresses.
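As an added example (not code from the article or from recon-ng itself), here is a Python snippet that reads a recon-ng workspace database and joins the host list from the first module with the open ports from the Shodan module, so you can see which subdomains share an IP with an unexpected open port. The table layout (hosts and ports tables in data.db) and the sample rows are my assumptions, constructed to stand in for the screenshots.

```python
import sqlite3

# Assumed layout of a recon-ng workspace database (data.db): hosts is filled
# by host-discovery modules, ports by the Shodan module. Column names are an
# assumption for this example, not taken from the article.
SCHEMA = """
CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, country TEXT,
                    latitude TEXT, longitude TEXT, notes TEXT, module TEXT);
CREATE TABLE ports (ip_address TEXT, host TEXT, port TEXT, protocol TEXT,
                    banner TEXT, notes TEXT, module TEXT);
"""

# Constructed sample rows standing in for the article's screenshots.
SAMPLE_HOSTS = [
    ("www.testsite.com", "203.0.113.10", "hosts-module"),
    ("mail.testsite.com", "203.0.113.20", "hosts-module"),
    ("dev.testsite.com", "203.0.113.10", "hosts-module"),
]
SAMPLE_PORTS = [
    ("203.0.113.10", "www.testsite.com", "443", "tcp", "shodan"),
    ("203.0.113.10", "www.testsite.com", "8080", "tcp", "shodan"),
    ("203.0.113.20", "mail.testsite.com", "25", "tcp", "shodan"),
]


def load_sample_workspace():
    """Build an in-memory stand-in for ~/.recon-ng/workspaces/<ws>/data.db."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO hosts (host, ip_address, module) VALUES (?,?,?)",
                     SAMPLE_HOSTS)
    conn.executemany("INSERT INTO ports (ip_address, host, port, protocol, module) "
                     "VALUES (?,?,?,?,?)", SAMPLE_PORTS)
    return conn


def exposure_by_host(conn):
    """Map each discovered host to the ports Shodan reported for its IP.
    The join is on IP, not hostname, so a subdomain that shares an address
    (dev.testsite.com above) inherits the exposure of that address."""
    rows = conn.execute("""
        SELECT h.host, h.ip_address, p.port
        FROM hosts h LEFT JOIN ports p ON p.ip_address = h.ip_address
        ORDER BY h.host, CAST(p.port AS INTEGER)""").fetchall()
    result = {}
    for host, ip, port in rows:
        entry = result.setdefault(host, {"ip": ip, "ports": []})
        if port is not None:
            entry["ports"].append(int(port))
    return result


def unexpected_ports(conn, allowed=(25, 80, 443)):
    """(host, port) pairs whose port is outside the expected baseline."""
    return sorted((host, port) for host, info in exposure_by_host(conn).items()
                  for port in info["ports"] if port not in allowed)
```

Point it at a real workspace with sqlite3.connect on the data.db path instead of load_sample_workspace().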